North Korean Hackers Target Developers in Expanded Supply Chain Attack Campaign

North Korean Hackers Target Developers in Expanded Supply Chain Attack Campaign

First seen 3 Jul 2026, 13:32 UTC NknewsCybersecuritynews 72% similarity 72.5
Share:

Article Content

Browse articles
ThreatCluster

North Korean-linked hackers have intensified their supply chain attack campaign, specifically targeting developers within open-source ecosystems. The campaign, named 'PolinRider,' has been linked to the Contagious Interview operation and involves hiding malicious JavaScript loaders in trusted code repositories. U.S. security firm Socket reported identifying 162 malicious release artifacts across 108 packages and browser extensions. This broadens the attack's scope, exposing numerous developers and organizations to potential credential theft and further attacks. The techniques used in this campaign echo previous North Korean operations but have significantly expanded their reach. Security researchers warn that developers running these compromised packages may unknowingly execute malicious code, heightening the risk of further exploitation.

Key Points: • North Korean hackers have launched a campaign named 'PolinRider' targeting software developers. • The campaign has identified 162 malicious artifacts across 108 software packages and extensions. • Malicious JavaScript loaders are hidden in trusted repositories, posing risks to developers.

ThreatCluster AI

Timeline

2026-07-03
PolinRider campaign reported
U.S. security firm Socket identified a campaign targeting developers with 162 malicious artifacts across 108 packages.
Nknews
2026-07-03
Malicious JavaScript loaders discovered
Security researchers uncovered that PolinRider hides malicious code in trusted open-source repositories.
Cybersecuritynews

Community

Browse all →